%%-*- mode: erlang -*-
%% emqx_auth_ldap config mapping

{mapping, "auth.ldap.servers", "emqx_auth_ldap.ldap", [
  {default, "127.0.0.1"},
  {datatype, string}
]}.

{mapping, "auth.ldap.port", "emqx_auth_ldap.ldap", [
  {default, 389},
  {datatype, integer}
]}.

{mapping, "auth.ldap.bind_dn", "emqx_auth_ldap.ldap", [
  {datatype, string},
  {default, "cn=root,dc=emqtt,dc=com"}
]}.

{mapping, "auth.ldap.bind_password", "emqx_auth_ldap.ldap", [
  {datatype, string},
  {default, "public"}
]}.

{mapping, "auth.ldap.timeout", "emqx_auth_ldap.ldap", [
  {default, 30},
  {datatype, integer}
]}.

{mapping, "auth.ldap.ssl", "emqx_auth_ldap.ldap", [
  {default, false},
  {datatype, {enum, [true, false]}}
]}.

{mapping, "auth.ldap.ssl.certfile", "emqx_auth_ldap.ldap", [
  {datatype, string}
]}.

{mapping, "auth.ldap.ssl.keyfile ", "emqx_auth_ldap.ldap", [
  {datatype, string}
]}.

{mapping, "auth.ldap.ssl.cacertfile ", "emqx_auth_ldap.ldap", [
  {datatype, string}
]}.

{mapping, "auth.ldap.ssl.verify", "emqx_auth_ldap.ldap", [
  {default, verify_peer},
  {datatype, atom}
]}.

{mapping, "auth.ldap.ssl.fail_if_no_peer_cert", "emqx_auth_ldap.ldap", [
  {default, true},
  {datatype, {enum, [true, false]}}
]}.

%% TODO: ssl options...
{translation, "emqx_auth_ldap.ldap", fun(Conf) ->
    Servers = string:tokens(cuttlefish:conf_get("auth.ldap.servers", Conf), ","),
    Port = cuttlefish:conf_get("auth.ldap.port", Conf),
    BindDN = cuttlefish:conf_get("auth.ldap.bind_dn", Conf),
    BindPassword = cuttlefish:conf_get("auth.ldap.bind_password", Conf),
    Timeout = cuttlefish:conf_get("auth.ldap.timeout", Conf),
    Opts = [{servers, Servers}, {port, Port}, {timeout, Timeout}, {bind_dn, BindDN}, {bind_password, BindPassword}],
    case cuttlefish:conf_get("auth.ldap.ssl", Conf) of
        true  -> [{ssl, true}|Opts];
        false -> [{ssl, false}|Opts]
    end
end}.

{mapping, "auth.ldap.auth_dn", "emqx_auth_ldap.auth_dn", [
  {datatype, string}
]}.

{mapping, "auth.ldap.password_hash", "emqx_auth_ldap.password_hash", [
  {datatype, string}
]}.

{mapping, "auth.ldap.acl_dn", "emqx_auth_ldap.acl_dn", [
  {datatype, string}
]}.

{translation, "emqx_auth_ldap.password_hash", fun(Conf) ->
  HashValue = cuttlefish:conf_get("auth.ldap.password_hash", Conf),
    case string:tokens(HashValue, " ") of
        [Hash]           -> list_to_atom(Hash);
        [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
        [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
        _                -> plain
    end
end}.

